<!doctype html>

<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>safehtml.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>


  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>

<div class="clear"></div>

<h2><a href="local_closure_goog_html_safehtml.js.html">safehtml.js</a></h2>

<pre class="prettyprint lang-js">
<a name="line1"></a>// Copyright 2013 The Closure Library Authors. All Rights Reserved.
<a name="line2"></a>//
<a name="line3"></a>// Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
<a name="line4"></a>// you may not use this file except in compliance with the License.
<a name="line5"></a>// You may obtain a copy of the License at
<a name="line6"></a>//
<a name="line7"></a>//      http://www.apache.org/licenses/LICENSE-2.0
<a name="line8"></a>//
<a name="line9"></a>// Unless required by applicable law or agreed to in writing, software
<a name="line10"></a>// distributed under the License is distributed on an &quot;AS-IS&quot; BASIS,
<a name="line11"></a>// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<a name="line12"></a>// See the License for the specific language governing permissions and
<a name="line13"></a>// limitations under the License.
<a name="line14"></a>
<a name="line15"></a>
<a name="line16"></a>/**
<a name="line17"></a> * @fileoverview The SafeHtml type and its builders.
<a name="line18"></a> *
<a name="line19"></a> * TODO(user): Link to document stating type contract.
<a name="line20"></a> */
<a name="line21"></a>
<a name="line22"></a>goog.provide(&#39;goog.html.SafeHtml&#39;);
<a name="line23"></a>
<a name="line24"></a>goog.require(&#39;goog.array&#39;);
<a name="line25"></a>goog.require(&#39;goog.asserts&#39;);
<a name="line26"></a>goog.require(&#39;goog.dom.tags&#39;);
<a name="line27"></a>goog.require(&#39;goog.html.SafeStyle&#39;);
<a name="line28"></a>goog.require(&#39;goog.html.SafeUrl&#39;);
<a name="line29"></a>goog.require(&#39;goog.i18n.bidi.Dir&#39;);
<a name="line30"></a>goog.require(&#39;goog.i18n.bidi.DirectionalString&#39;);
<a name="line31"></a>goog.require(&#39;goog.object&#39;);
<a name="line32"></a>goog.require(&#39;goog.string&#39;);
<a name="line33"></a>goog.require(&#39;goog.string.Const&#39;);
<a name="line34"></a>goog.require(&#39;goog.string.TypedString&#39;);
<a name="line35"></a>
<a name="line36"></a>
<a name="line37"></a>
<a name="line38"></a>/**
<a name="line39"></a> * A string that is safe to use in HTML context in DOM APIs and HTML documents.
<a name="line40"></a> *
<a name="line41"></a> * A SafeHtml is a string-like object that carries the security type contract
<a name="line42"></a> * that its value as a string will not cause untrusted script execution when
<a name="line43"></a> * evaluated as HTML in a browser.
<a name="line44"></a> *
<a name="line45"></a> * Values of this type are guaranteed to be safe to use in HTML contexts,
<a name="line46"></a> * such as, assignment to the innerHTML DOM property, or interpolation into
<a name="line47"></a> * a HTML template in HTML PC_DATA context, in the sense that the use will not
<a name="line48"></a> * result in a Cross-Site-Scripting vulnerability.
<a name="line49"></a> *
<a name="line50"></a> * Instances of this type must be created via the factory methods
<a name="line51"></a> * ({@code goog.html.SafeHtml.from}, {@code goog.html.SafeHtml.htmlEscape}), etc
<a name="line52"></a> * and not by invoking its constructor.  The constructor intentionally takes no
<a name="line53"></a> * parameters and the type is immutable; hence only a default instance
<a name="line54"></a> * corresponding to the empty string can be obtained via constructor invocation.
<a name="line55"></a> *
<a name="line56"></a> * @see goog.html.SafeHtml#from
<a name="line57"></a> * @see goog.html.SafeHtml#htmlEscape
<a name="line58"></a> * @constructor
<a name="line59"></a> * @final
<a name="line60"></a> * @struct
<a name="line61"></a> * @implements {goog.i18n.bidi.DirectionalString}
<a name="line62"></a> * @implements {goog.string.TypedString}
<a name="line63"></a> */
<a name="line64"></a>goog.html.SafeHtml = function() {
<a name="line65"></a>  /**
<a name="line66"></a>   * The contained value of this SafeHtml.  The field has a purposely ugly
<a name="line67"></a>   * name to make (non-compiled) code that attempts to directly access this
<a name="line68"></a>   * field stand out.
<a name="line69"></a>   * @private {string}
<a name="line70"></a>   */
<a name="line71"></a>  this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = &#39;&#39;;
<a name="line72"></a>
<a name="line73"></a>  /**
<a name="line74"></a>   * A type marker used to implement additional run-time type checking.
<a name="line75"></a>   * @see goog.html.SafeHtml#unwrap
<a name="line76"></a>   * @const
<a name="line77"></a>   * @private
<a name="line78"></a>   */
<a name="line79"></a>  this.SAFE_HTML_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ =
<a name="line80"></a>      goog.html.SafeHtml.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_;
<a name="line81"></a>
<a name="line82"></a>  /**
<a name="line83"></a>   * This SafeHtml&#39;s directionality, or null if unknown.
<a name="line84"></a>   * @private {?goog.i18n.bidi.Dir}
<a name="line85"></a>   */
<a name="line86"></a>  this.dir_ = null;
<a name="line87"></a>};
<a name="line88"></a>
<a name="line89"></a>
<a name="line90"></a>/**
<a name="line91"></a> * @override
<a name="line92"></a> * @const
<a name="line93"></a> */
<a name="line94"></a>goog.html.SafeHtml.prototype.implementsGoogI18nBidiDirectionalString = true;
<a name="line95"></a>
<a name="line96"></a>
<a name="line97"></a>/** @override */
<a name="line98"></a>goog.html.SafeHtml.prototype.getDirection = function() {
<a name="line99"></a>  return this.dir_;
<a name="line100"></a>};
<a name="line101"></a>
<a name="line102"></a>
<a name="line103"></a>/**
<a name="line104"></a> * @override
<a name="line105"></a> * @const
<a name="line106"></a> */
<a name="line107"></a>goog.html.SafeHtml.prototype.implementsGoogStringTypedString = true;
<a name="line108"></a>
<a name="line109"></a>
<a name="line110"></a>/**
<a name="line111"></a> * Returns this SafeHtml&#39;s value a string.
<a name="line112"></a> *
<a name="line113"></a> * IMPORTANT: In code where it is security relevant that an object&#39;s type is
<a name="line114"></a> * indeed {@code SafeHtml}, use {@code goog.html.SafeHtml.unwrap} instead of
<a name="line115"></a> * this method. If in doubt, assume that it&#39;s security relevant. In particular,
<a name="line116"></a> * note that goog.html functions which return a goog.html type do not guarantee
<a name="line117"></a> * that the returned instance is of the right type. For example:
<a name="line118"></a> *
<a name="line119"></a> * &lt;pre&gt;
<a name="line120"></a> * var fakeSafeHtml = new String(&#39;fake&#39;);
<a name="line121"></a> * fakeSafeHtml.__proto__ = goog.html.SafeHtml.prototype;
<a name="line122"></a> * var newSafeHtml = goog.html.SafeHtml.from(fakeSafeHtml);
<a name="line123"></a> * // newSafeHtml is just an alias for fakeSafeHtml, it&#39;s passed through by
<a name="line124"></a> * // goog.html.SafeHtml.from() as fakeSafeHtml instanceof goog.html.SafeHtml.
<a name="line125"></a> * &lt;/pre&gt;
<a name="line126"></a> *
<a name="line127"></a> * @see goog.html.SafeHtml#unwrap
<a name="line128"></a> * @override
<a name="line129"></a> */
<a name="line130"></a>goog.html.SafeHtml.prototype.getTypedStringValue = function() {
<a name="line131"></a>  return this.privateDoNotAccessOrElseSafeHtmlWrappedValue_;
<a name="line132"></a>};
<a name="line133"></a>
<a name="line134"></a>
<a name="line135"></a>if (goog.DEBUG) {
<a name="line136"></a>  /**
<a name="line137"></a>   * Returns a debug string-representation of this value.
<a name="line138"></a>   *
<a name="line139"></a>   * To obtain the actual string value wrapped in a SafeHtml, use
<a name="line140"></a>   * {@code goog.html.SafeHtml.unwrap}.
<a name="line141"></a>   *
<a name="line142"></a>   * @see goog.html.SafeHtml#unwrap
<a name="line143"></a>   * @override
<a name="line144"></a>   */
<a name="line145"></a>  goog.html.SafeHtml.prototype.toString = function() {
<a name="line146"></a>    return &#39;SafeHtml{&#39; + this.privateDoNotAccessOrElseSafeHtmlWrappedValue_ +
<a name="line147"></a>        &#39;}&#39;;
<a name="line148"></a>  };
<a name="line149"></a>}
<a name="line150"></a>
<a name="line151"></a>
<a name="line152"></a>/**
<a name="line153"></a> * Performs a runtime check that the provided object is indeed a SafeHtml
<a name="line154"></a> * object, and returns its value.
<a name="line155"></a> * @param {!goog.html.SafeHtml} safeHtml The object to extract from.
<a name="line156"></a> * @return {string} The SafeHtml object&#39;s contained string, unless the run-time
<a name="line157"></a> *     type check fails. In that case, {@code unwrap} returns an innocuous
<a name="line158"></a> *     string, or, if assertions are enabled, throws
<a name="line159"></a> *     {@code goog.asserts.AssertionError}.
<a name="line160"></a> */
<a name="line161"></a>goog.html.SafeHtml.unwrap = function(safeHtml) {
<a name="line162"></a>  // Perform additional run-time type-checking to ensure that safeHtml is indeed
<a name="line163"></a>  // an instance of the expected type.  This provides some additional protection
<a name="line164"></a>  // against security bugs due to application code that disables type checks.
<a name="line165"></a>  // Specifically, the following checks are performed:
<a name="line166"></a>  // 1. The object is an instance of the expected type.
<a name="line167"></a>  // 2. The object is not an instance of a subclass.
<a name="line168"></a>  // 3. The object carries a type marker for the expected type. &quot;Faking&quot; an
<a name="line169"></a>  // object requires a reference to the type marker, which has names intended
<a name="line170"></a>  // to stand out in code reviews.
<a name="line171"></a>  if (safeHtml instanceof goog.html.SafeHtml &amp;&amp;
<a name="line172"></a>      safeHtml.constructor === goog.html.SafeHtml &amp;&amp;
<a name="line173"></a>      safeHtml.SAFE_HTML_TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ ===
<a name="line174"></a>          goog.html.SafeHtml.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_) {
<a name="line175"></a>    return safeHtml.privateDoNotAccessOrElseSafeHtmlWrappedValue_;
<a name="line176"></a>  } else {
<a name="line177"></a>    goog.asserts.fail(&#39;expected object of type SafeHtml, got \&#39;&#39; +
<a name="line178"></a>                      safeHtml + &#39;\&#39;&#39;);
<a name="line179"></a>    return &#39;type_error:SafeHtml&#39;;
<a name="line180"></a>  }
<a name="line181"></a>};
<a name="line182"></a>
<a name="line183"></a>
<a name="line184"></a>/**
<a name="line185"></a> * Shorthand for union of types that can be sensibly converted to strings.
<a name="line186"></a> * @private
<a name="line187"></a> * @typedef {string|number|boolean|!goog.string.TypedString|
<a name="line188"></a> *           !goog.i18n.bidi.DirectionalString}
<a name="line189"></a> */
<a name="line190"></a>goog.html.SafeHtml.StringLike_;
<a name="line191"></a>
<a name="line192"></a>
<a name="line193"></a>/**
<a name="line194"></a> * Shorthand for union of types that can be sensibly converted to SafeHtml.
<a name="line195"></a> * @private
<a name="line196"></a> * @typedef {!goog.html.SafeHtml.StringLike_|!goog.html.SafeHtml}
<a name="line197"></a> */
<a name="line198"></a>goog.html.SafeHtml.TextOrHtml_;
<a name="line199"></a>
<a name="line200"></a>
<a name="line201"></a>/**
<a name="line202"></a> * Returns HTML-escaped text as a SafeHtml object.
<a name="line203"></a> *
<a name="line204"></a> * If text is of a type that implements
<a name="line205"></a> * {@code goog.i18n.bidi.DirectionalString}, the directionality of the new
<a name="line206"></a> * {@code SafeHtml} object is set to {@code text}&#39;s directionality, if known.
<a name="line207"></a> * Otherwise, the directionality of the resulting SafeHtml is unknown (i.e.,
<a name="line208"></a> * {@code null}).
<a name="line209"></a> *
<a name="line210"></a> * @param {!goog.html.SafeHtml.StringLike_} text The string to escape.
<a name="line211"></a> * @return {!goog.html.SafeHtml} The escaped string, wrapped as a SafeHtml.
<a name="line212"></a> */
<a name="line213"></a>goog.html.SafeHtml.htmlEscape = function(text) {
<a name="line214"></a>  var dir = null;
<a name="line215"></a>  if (text.implementsGoogI18nBidiDirectionalString) {
<a name="line216"></a>    dir = text.getDirection();
<a name="line217"></a>  }
<a name="line218"></a>  var textAsString;
<a name="line219"></a>  if (text.implementsGoogStringTypedString) {
<a name="line220"></a>    textAsString = text.getTypedStringValue();
<a name="line221"></a>  } else {
<a name="line222"></a>    textAsString = String(text);
<a name="line223"></a>  }
<a name="line224"></a>  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse_(
<a name="line225"></a>      goog.string.htmlEscape(textAsString), dir);
<a name="line226"></a>};
<a name="line227"></a>
<a name="line228"></a>
<a name="line229"></a>/**
<a name="line230"></a> * Coerces an arbitrary object into a SafeHtml object.
<a name="line231"></a> *
<a name="line232"></a> * If {@code textOrHtml} is already of type {@code goog.html.SafeHtml}, the same
<a name="line233"></a> * object is returned. Otherwise, {@code textOrHtml} is coerced to string, and
<a name="line234"></a> * HTML-escaped. If {@code textOrHtml} is of a type that implements
<a name="line235"></a> * {@code goog.i18n.bidi.DirectionalString}, its directionality, if known, is
<a name="line236"></a> * preserved.
<a name="line237"></a> *
<a name="line238"></a> * @param {!goog.html.SafeHtml.TextOrHtml_} textOrHtml The text or SafeHtml to
<a name="line239"></a> *     coerce.
<a name="line240"></a> * @return {!goog.html.SafeHtml} The resulting SafeHtml object.
<a name="line241"></a> */
<a name="line242"></a>goog.html.SafeHtml.from = function(textOrHtml) {
<a name="line243"></a>  if (textOrHtml instanceof goog.html.SafeHtml) {
<a name="line244"></a>    return textOrHtml;
<a name="line245"></a>  } else if (textOrHtml.implementsGoogI18nBidiDirectionalString) {
<a name="line246"></a>    // Do not coerce to string, to preserve directionality.
<a name="line247"></a>    return goog.html.SafeHtml.htmlEscape(textOrHtml);
<a name="line248"></a>  } else if (textOrHtml.implementsGoogStringTypedString) {
<a name="line249"></a>    return goog.html.SafeHtml.htmlEscape(textOrHtml.getTypedStringValue());
<a name="line250"></a>  } else {
<a name="line251"></a>    return goog.html.SafeHtml.htmlEscape(String(textOrHtml));
<a name="line252"></a>  }
<a name="line253"></a>};
<a name="line254"></a>
<a name="line255"></a>
<a name="line256"></a>/**
<a name="line257"></a> * @const
<a name="line258"></a> * @private
<a name="line259"></a> */
<a name="line260"></a>goog.html.SafeHtml.VALID_NAMES_IN_TAG_ = /^[a-zA-Z0-9-]+$/;
<a name="line261"></a>
<a name="line262"></a>
<a name="line263"></a>/**
<a name="line264"></a> * Set of attributes containing URL as defined at
<a name="line265"></a> * http://www.w3.org/TR/html5/index.html#attributes-1.
<a name="line266"></a> * @const
<a name="line267"></a> * @private
<a name="line268"></a> */
<a name="line269"></a>goog.html.SafeHtml.URL_ATTRIBUTES_ = goog.object.createSet(&#39;action&#39;, &#39;cite&#39;,
<a name="line270"></a>    &#39;data&#39;, &#39;formaction&#39;, &#39;href&#39;, &#39;manifest&#39;, &#39;poster&#39;, &#39;src&#39;);
<a name="line271"></a>
<a name="line272"></a>
<a name="line273"></a>// TODO(user): Perhaps add &lt;template&gt; used by Polymer?
<a name="line274"></a>/**
<a name="line275"></a> * Set of tag names that are too dangerous.
<a name="line276"></a> * @const
<a name="line277"></a> * @private
<a name="line278"></a> */
<a name="line279"></a>goog.html.SafeHtml.NOT_ALLOWED_TAG_NAMES_ = goog.object.createSet(&#39;link&#39;,
<a name="line280"></a>    &#39;script&#39;, &#39;style&#39;);
<a name="line281"></a>
<a name="line282"></a>
<a name="line283"></a>/**
<a name="line284"></a> * @private
<a name="line285"></a> * @typedef {string|goog.string.Const|goog.html.SafeUrl|goog.html.SafeStyle}
<a name="line286"></a> */
<a name="line287"></a>goog.html.SafeHtml.AttributeValue_;
<a name="line288"></a>
<a name="line289"></a>
<a name="line290"></a>/**
<a name="line291"></a> * Creates a SafeHtml content consisting of a tag with optional attributes and
<a name="line292"></a> * optional content.
<a name="line293"></a> * @param {string} tagName The name of the tag. Only tag names consisting of
<a name="line294"></a> *     [a-zA-Z0-9-] are allowed. &lt;link&gt;, &lt;script&gt; and &lt;style&gt; tags are not
<a name="line295"></a> *     supported.
<a name="line296"></a> * @param {!Object.&lt;string, goog.html.SafeHtml.AttributeValue_&gt;=}
<a name="line297"></a> *     opt_attributes Mapping from attribute names to their values. Only
<a name="line298"></a> *     attribute names consisting of [a-zA-Z0-9-] are allowed. Attributes with
<a name="line299"></a> *     a special meaning (e.g. on*) require goog.string.Const value, attributes
<a name="line300"></a> *     containing URL require goog.string.Const or goog.html.SafeUrl. Value of
<a name="line301"></a> *     null or undefined causes the attribute to be omitted. Values are
<a name="line302"></a> *     HTML-escaped before usage.
<a name="line303"></a> * @param {!goog.html.SafeHtml.TextOrHtml_|
<a name="line304"></a> *     !Array.&lt;!goog.html.SafeHtml.TextOrHtml_&gt;=} opt_content Content to put
<a name="line305"></a> *     inside the tag. This must be empty for void tags like &lt;br&gt;. Array
<a name="line306"></a> *     elements are concatenated.
<a name="line307"></a> * @return {!goog.html.SafeHtml} The SafeHtml content with the tag.
<a name="line308"></a> * @throws {Error} If invalid tag name, attribute name, or attribute value is
<a name="line309"></a> *     provided.
<a name="line310"></a> * @throws {goog.asserts.AssertionError} If content for void tag is provided.
<a name="line311"></a> */
<a name="line312"></a>goog.html.SafeHtml.create = function(tagName, opt_attributes, opt_content) {
<a name="line313"></a>  if (!goog.html.SafeHtml.VALID_NAMES_IN_TAG_.test(tagName)) {
<a name="line314"></a>    throw Error(&#39;Invalid tag name &lt;&#39; + tagName + &#39;&gt;.&#39;);
<a name="line315"></a>  }
<a name="line316"></a>  if (tagName.toLowerCase() in goog.html.SafeHtml.NOT_ALLOWED_TAG_NAMES_) {
<a name="line317"></a>    throw Error(&#39;Tag name &lt;&#39; + tagName + &#39;&gt; is not allowed for SafeHtml.&#39;);
<a name="line318"></a>  }
<a name="line319"></a>  var dir = null;
<a name="line320"></a>  var result = &#39;&lt;&#39; + tagName;
<a name="line321"></a>
<a name="line322"></a>  if (opt_attributes) {
<a name="line323"></a>    for (var name in opt_attributes) {
<a name="line324"></a>      if (!goog.html.SafeHtml.VALID_NAMES_IN_TAG_.test(name)) {
<a name="line325"></a>        throw Error(&#39;Invalid attribute name &quot;&#39; + name + &#39;&quot;.&#39;);
<a name="line326"></a>      }
<a name="line327"></a>      var value = opt_attributes[name];
<a name="line328"></a>      if (value == null) {
<a name="line329"></a>        continue;
<a name="line330"></a>      }
<a name="line331"></a>      if (value instanceof goog.string.Const) {
<a name="line332"></a>        // If it&#39;s goog.string.Const, allow any valid attribute name.
<a name="line333"></a>        value = goog.string.Const.unwrap(value);
<a name="line334"></a>      } else if (/^on/i.test(name)) {
<a name="line335"></a>        // TODO(user): Disallow more attributes with a special meaning.
<a name="line336"></a>        throw Error(&#39;Attribute &quot;&#39; + name +
<a name="line337"></a>            &#39;&quot; requires goog.string.Const value, &quot;&#39; + value + &#39;&quot; given.&#39;);
<a name="line338"></a>      } else if (value instanceof goog.html.SafeUrl) {
<a name="line339"></a>        // If it&#39;s goog.html.SafeUrl, allow any non-JavaScript attribute name.
<a name="line340"></a>        value = goog.html.SafeUrl.unwrap(value);
<a name="line341"></a>      } else if (name.toLowerCase() in goog.html.SafeHtml.URL_ATTRIBUTES_) {
<a name="line342"></a>        throw Error(&#39;Attribute &quot;&#39; + name +
<a name="line343"></a>            &#39;&quot; requires goog.string.Const or goog.html.SafeUrl value, &quot;&#39; +
<a name="line344"></a>            value + &#39;&quot; given.&#39;);
<a name="line345"></a>      } else if (value instanceof goog.html.SafeStyle) {
<a name="line346"></a>        // TODO(user): Allow &quot;style&quot; only with SafeStyle when it supports
<a name="line347"></a>        // dynamic construction.
<a name="line348"></a>        goog.asserts.assert(name.toLowerCase() == &#39;style&#39;,
<a name="line349"></a>            &#39;goog.html.SafeStyle is only supported in &quot;style&quot; attribute.&#39;);
<a name="line350"></a>        value = goog.html.SafeStyle.unwrap(value);
<a name="line351"></a>      }
<a name="line352"></a>      result += &#39; &#39; + name + &#39;=&quot;&#39; + goog.string.htmlEscape(value) + &#39;&quot;&#39;;
<a name="line353"></a>    }
<a name="line354"></a>  }
<a name="line355"></a>
<a name="line356"></a>  var content = opt_content;
<a name="line357"></a>  if (!goog.isDef(content)) {
<a name="line358"></a>    content = [];
<a name="line359"></a>  } else if (!goog.isArray(content)) {
<a name="line360"></a>    content = [content];
<a name="line361"></a>  }
<a name="line362"></a>
<a name="line363"></a>  if (goog.dom.tags.isVoidTag(tagName.toLowerCase())) {
<a name="line364"></a>    goog.asserts.assert(!content.length,
<a name="line365"></a>        &#39;Void tag &lt;&#39; + tagName + &#39;&gt; does not allow content.&#39;);
<a name="line366"></a>    result += &#39;&gt;&#39;;
<a name="line367"></a>  } else {
<a name="line368"></a>    var html = goog.html.SafeHtml.concat(content);
<a name="line369"></a>    result += &#39;&gt;&#39; + goog.html.SafeHtml.unwrap(html) + &#39;&lt;/&#39; + tagName + &#39;&gt;&#39;;
<a name="line370"></a>    dir = html.getDirection();
<a name="line371"></a>  }
<a name="line372"></a>
<a name="line373"></a>  var dirAttribute = opt_attributes &amp;&amp; opt_attributes[&#39;dir&#39;];
<a name="line374"></a>  if (dirAttribute) {
<a name="line375"></a>    if (dirAttribute.toLowerCase() == &#39;ltr&#39;) {
<a name="line376"></a>      dir = goog.i18n.bidi.Dir.LTR;
<a name="line377"></a>    } else if (dirAttribute.toLowerCase() == &#39;rtl&#39;) {
<a name="line378"></a>      dir = goog.i18n.bidi.Dir.RTL;
<a name="line379"></a>    } else {
<a name="line380"></a>      dir = null;
<a name="line381"></a>    }
<a name="line382"></a>  }
<a name="line383"></a>
<a name="line384"></a>  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse_(
<a name="line385"></a>      result, dir);
<a name="line386"></a>};
<a name="line387"></a>
<a name="line388"></a>
<a name="line389"></a>/**
<a name="line390"></a> * Creates a new SafeHtml object by concatenating the values.
<a name="line391"></a> * @param {...!goog.html.SafeHtml.TextOrHtml_|
<a name="line392"></a> *     !Array.&lt;!goog.html.SafeHtml.TextOrHtml_&gt;} var_args Elements of array
<a name="line393"></a> *     arguments would be processed recursively.
<a name="line394"></a> * @return {!goog.html.SafeHtml}
<a name="line395"></a> */
<a name="line396"></a>goog.html.SafeHtml.concat = function(var_args) {
<a name="line397"></a>  var dir = goog.i18n.bidi.Dir.NEUTRAL;
<a name="line398"></a>  var content = &#39;&#39;;
<a name="line399"></a>
<a name="line400"></a>  /**
<a name="line401"></a>   * @param {!goog.html.SafeHtml.TextOrHtml_|
<a name="line402"></a>   *     !Array.&lt;!goog.html.SafeHtml.TextOrHtml_&gt;} argument
<a name="line403"></a>   */
<a name="line404"></a>  var addArgument = function(argument) {
<a name="line405"></a>    if (goog.isArray(argument)) {
<a name="line406"></a>      goog.array.forEach(argument, addArgument);
<a name="line407"></a>    } else {
<a name="line408"></a>      var html = goog.html.SafeHtml.from(argument);
<a name="line409"></a>      content += goog.html.SafeHtml.unwrap(html);
<a name="line410"></a>      var htmlDir = html.getDirection();
<a name="line411"></a>      if (dir == goog.i18n.bidi.Dir.NEUTRAL) {
<a name="line412"></a>        dir = htmlDir;
<a name="line413"></a>      } else if (htmlDir != goog.i18n.bidi.Dir.NEUTRAL &amp;&amp; dir != htmlDir) {
<a name="line414"></a>        dir = null;
<a name="line415"></a>      }
<a name="line416"></a>    }
<a name="line417"></a>  };
<a name="line418"></a>
<a name="line419"></a>  goog.array.forEach(arguments, addArgument);
<a name="line420"></a>  return goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse_(
<a name="line421"></a>      content, dir);
<a name="line422"></a>};
<a name="line423"></a>
<a name="line424"></a>
<a name="line425"></a>/**
<a name="line426"></a> * Type marker for the SafeHtml type, used to implement additional run-time
<a name="line427"></a> * type checking.
<a name="line428"></a> * @const
<a name="line429"></a> * @private
<a name="line430"></a> */
<a name="line431"></a>goog.html.SafeHtml.TYPE_MARKER_GOOG_HTML_SECURITY_PRIVATE_ = {};
<a name="line432"></a>
<a name="line433"></a>
<a name="line434"></a>/**
<a name="line435"></a> * Utility method to create SafeHtml instances.
<a name="line436"></a> *
<a name="line437"></a> * This function is considered &quot;package private&quot;, i.e. calls (using &quot;suppress
<a name="line438"></a> * visibility&quot;) from other files within this package are considered acceptable.
<a name="line439"></a> * DO NOT call this function from outside the goog.html package; use appropriate
<a name="line440"></a> * wrappers instead.
<a name="line441"></a> *
<a name="line442"></a> * @param {string} html The string to initialize the SafeHtml object with.
<a name="line443"></a> * @param {?goog.i18n.bidi.Dir} dir The directionality of the SafeHtml to be
<a name="line444"></a> *     constructed, or null if unknown.
<a name="line445"></a> * @return {!goog.html.SafeHtml} The initialized SafeHtml object.
<a name="line446"></a> * @private
<a name="line447"></a> */
<a name="line448"></a>goog.html.SafeHtml.createSafeHtmlSecurityPrivateDoNotAccessOrElse_ = function(
<a name="line449"></a>    html, dir) {
<a name="line450"></a>  var safeHtml = new goog.html.SafeHtml();
<a name="line451"></a>  safeHtml.privateDoNotAccessOrElseSafeHtmlWrappedValue_ = html;
<a name="line452"></a>  safeHtml.dir_ = dir;
<a name="line453"></a>  return safeHtml;
<a name="line454"></a>};
<a name="line455"></a>
<a name="line456"></a>
<a name="line457"></a>/**
<a name="line458"></a> * A SafeHtml instance corresponding to the empty string.
<a name="line459"></a> * @const {!goog.html.SafeHtml}
<a name="line460"></a> */
<a name="line461"></a>goog.html.SafeHtml.EMPTY = goog.html.SafeHtml.htmlEscape(&#39;&#39;);
</pre>


</body>
</html>
